Back to skill

Security audit

conversations

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it locally imports OpenClaw conversation history into a searchable SQLite database, but users should treat that database as sensitive.

Install only if you are comfortable creating a local searchable copy of your OpenClaw chat history. Protect or delete conversations.db if your sessions include credentials, personal data, or confidential work, and be cautious before enabling the cron example because it will keep importing new conversations over time.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly imports prior conversations into a local SQLite database, but the description does not prominently warn that potentially sensitive historical content will be copied to disk and made searchable. This increases the risk of unintentional retention, broader local exposure, and accidental disclosure to other local users, tools, backups, or malware on the same machine.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script prints conversation content from a local history database directly to stdout, which can expose sensitive prompts, secrets, personal data, or prior session context to anyone with terminal access or to logs that capture command output. In a conversation-history skill, this risk is elevated because the entire purpose is retrieving potentially sensitive historical content, so accidental disclosure is a realistic misuse case.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.